We have a REST service that will get called to retrieve the active roles for a user. Need to restrict who can make this call.
----- Original Message ----- From: "Shawn McKinney" <[email protected]> To: [email protected] Sent: Monday, February 8, 2016 4:19:23 PM Subject: Re: Access Manager Permissions > On Feb 8, 2016, at 12:33 PM, Chris Pike <[email protected]> wrote: > > I don't see any ARBAC permissions for the access manager. Is there any way to > restrict who can call the access managers methods (authorizedRoles, > sessionRoles, etc...)? No. It could be added, just never thought it necessary before. What is the rationale?
